
/**   
 * @Title: ShiroDbRealm.java 
 * @Package: com.aft.jlgh.modules.user.security 
 * @Description: TODO
 * @author Mandarava  
 * @date 2016年5月17日 上午10:32:45 
 * @version 1.3.1 
 * @Email wuyan1688@qq.com
 */

package com.infoland.common.security;

import java.util.List;

import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import com.infoland.modules.main.model.Admin;
import com.infoland.modules.main.model.Menu;
import com.infoland.modules.main.service.SystemService;

/**
 * @author Mandarava
 * @date 2016年5月17日 上午10:32:45
 * @version V1.3.1
 */

public class ShiroAuthorizingRealm extends AuthorizingRealm {

	/**
	 * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用
	 * 
	 * @param principals
	 * @return
	 * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
	 */

	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		ShiroPrincipal subject = (ShiroPrincipal) super.getAvailablePrincipal(principals);
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		if (!subject.isAuthorized()) {
			List<String> authorities = SystemService.service.getAdminPermissions(subject.getUser());
			List<String> rolelist = SystemService.service.getAdminRoles(subject.getUser());
			List<Menu> menus = SystemService.service.getAdminResouce();
			subject.setAuthorities(authorities);
			subject.setRoles(rolelist);
			subject.setMenus(menus);
			subject.setAuthorized(true);
		}
		// 给当前用户设置权限
		info.addStringPermissions(subject.getAuthorities());
		info.addRoles(subject.getRoles());
		return info;
	}

	/**
	 * 认证回调函数,登录时调用
	 * 
	 * @param authcToken
	 * @return
	 * @throws AuthenticationException
	 * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
	 */

	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
			throws AuthenticationException {
		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
		Admin admin = SystemService.service.findAdminByName(token.getUsername());
		if (admin == null) {
			throw new UnknownAccountException("用户不存在");
		}
		if ("1".equals(admin.getAStatus())) {
			throw new LockedAccountException("用户被锁定");
		}
		if ("3".equals(admin.getAStatus())) {
			throw new AccountException("用户已注销");
		}
		ShiroPrincipal subject = new ShiroPrincipal(admin);
		AuthenticationInfo principals = new SimpleAuthenticationInfo(subject, admin.getALoginPassword(), getName());
		return principals;
	}

}
